We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (this is the intrusion set we track behind the creation of Batloader).

Batloader (detected by Trend Micro as Trojan.Win32.BATLOADER) is an initial access malware family that is known for using malvertising techniques and script-based malware inside Microsoft Software Installation (MSI) packages downloaded from legitimate-looking yet malicious websites. Earlier this year, Mandiant researchers observed Batloader using search engine optimization (SEO) poisoning techniques in its attacks.

Batloader is associated with an intrusion set that we have dubbed “Water Minyades.” The actors behind Water Minyades are known for delivering other malware during the last quarter of 2022, such as Qakbot, RaccoonStealer, and Bumbleloader, via social engineering techniques.

In this blog entry, we discuss notable Batloader campaigns that we’ve observed in the last quarter of 2022, including the abuse of custom action scripts from the Advanced Installer software and Windows Installer XML (WiX) toolset, the use of obfuscated JavaScript files as a first-stage payload, and the use of the PyArmor tool to obfuscate Batloader Python scripts. We also shed light on noteworthy Water Minyades-related events and give a detailed look at Batloader’s technical details.

The table below summarizes the capabilities of Batloader:

Batloader is usually inflated to a very large size by being bundled with a legitimate installer file. This can prevent sandboxes with file size limits from properly detonating and observing the behavior of the file.

Batloader fingerprints the host to determine if it is a legitimate victim. It checks for environment artifacts such as the user, computer name, and whether the host is domain-joined.

Batloader is a modular malware that communicates with its C&C server and has been observed to drop malware according to the specifications of the victim host it has infected.